Defining Continuous Data Protection

recently i met a CIO of a pharma organization having presence in more than 17 countries. during the discussion, he asked me what were my thoughts on the ‘continuous data protection’.

in the recent past, i have also attended presentation from few vendors and oem’s and have heard their version of ‘continuous data protection’ (CDP). almost all offer, what i can call as “backup and recovery’ solutions under the guise of CDP.

if you look at wikipedia, the term is defined as “Continuous data protection (CDP), also called continuous backup or real-time backup, refers to backup of computer data by automatically saving a copy of every change made to that data, essentially capturing every version of the data that the user saves. It allows the user or administrator to restore data to any point in time” (refer – http://en.wikipedia.org/wiki/Continuous_data_protection)

however i don’t agree with the definition.

if you look at the definition of the word “protection” – “In Computer science, protection mechanisms are built into a computer architecture to support the enforcement of security policies. A simple definition of a security policy is “to set who may use what information in a computer system”. (refer – http://en.wikipedia.org/wiki/Protection_mechanism)

extending the definition with contex to data, it means – enforcement of security policies to define who may use what information or data in a computer system. hence CDP is a framework of preventive, detective and reactive controls to protect the information stored in any computer system. the backup & recovery solutions which are being sold as CDP solutions consitute only the reactive controls.

the concept, is hence simple – basically, protect the data wherever it is created, ensures that there are necessary access control in place to safeguard against unauthorized access and modification, ensure that the data and information is prevented from unauthorized copying in removable media and transmission (email etc), and in case of accidental or unauthorized destruction, have approproate controls to recover the data and information from backup media.

hence, in my opinion, whoever is looking for CDP solution needs to look at the following solutions at the minimum:-

  1. data classification solutions
  2. data leakage prevention solutions (host and network)
  3. user activity monitoring solutions
  4. backup and recovery solutions

when i shared my approach to the CIO of the pharma organization, i was glad he agreed with the concept. he was concerned by recent cases of loss of information from the R&D centers and was looking at a framework to protect the data and the information created and stored in the validated IT systems in the research labs. right now, we are working on developing the framework for the CDP and talking to various solution providers and OEM’s to see how these solutions can work in tandem without reducing the effeciency and productivity of the employees.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: